AutomatedTester
committed
May 17, 2011
1 parent
26000e5
commit e3c80ac
Showing
4 changed files
with
153 additions
and
0 deletions.
@@ -0,0 +1,4 @@ | ||
*.swp | ||
dist/ | ||
*.egg-info/ | ||
*.pyc |
@@ -0,0 +1 @@ | ||
|
@@ -0,0 +1,103 @@ | ||
#!/usr/bin/python | ||
|
||
import httplib | ||
import urllib2 | ||
from optparse import OptionParser | ||
|
||
class Reporter(object): | ||
pass | ||
|
||
|
||
class Garmr(object): | ||
|
||
def __init__(self, urls): | ||
self.urls = urls | ||
|
||
def xframe_checks(self): | ||
try: | ||
response = urllib2.urlopen(self.urls) | ||
response_headers = response.headers.headers | ||
headers = self._clean_header(response_headers) | ||
print "Checking x-frame-options" | ||
try: | ||
assert headers["x-frame-options"] == "DENY" or \ | ||
headers["x-frame-options"] == "SAMEORIGIN", \ | ||
"x-frame-options were: %s" % headers["x-frame-options"] | ||
|
||
print "x-frame-options were correct" | ||
except KeyError: | ||
print "x-frame-options were not found in headers" | ||
except AssertionError, e: | ||
print str(e) | ||
finally: | ||
print "\n" | ||
|
||
def trace_checks(self): | ||
try: | ||
print "Checking TRACE is not valid" | ||
http_urls = self._clean_url(self.urls) | ||
request = httplib.HTTPConnection(http_urls[0]) | ||
if len(http_urls) > 1: | ||
request.request("TRACE", http_urls[1]) | ||
else: | ||
request.request("TRACE", "/") | ||
|
||
request.getresponse() | ||
raise Exception("TRACE is a valid HTTP call") | ||
except httplib.BadStatusLine, e: | ||
print "TRACE is not valid" | ||
except Exception, e: | ||
print str(e) | ||
finally: | ||
print "\n" | ||
|
||
|
||
def redirect_checks(self): | ||
response = urllib2.urlopen(self.urls) | ||
try: | ||
print "Checking for HTTPS" | ||
assert "https://" in response.geturl(), "Have not been redirected to HTTPS" | ||
print "Redirected to HTTPS version of site" | ||
except AssertionError, e: | ||
print str(e) | ||
finally: | ||
print "\n" | ||
|
||
|
||
def _clean_header(self, response_headers): | ||
headers = {} | ||
for head in response_headers: | ||
lst = head.strip(" \r\n").split(":") | ||
headers[lst[0]] = lst[1].strip() | ||
return headers | ||
|
||
def _clean_url(self, urls): | ||
import re | ||
mtch = re.search("https?://([^/]*?)(/.*)?", urls) | ||
split = [] | ||
for matches in mtch.groups(): | ||
split.append(matches) | ||
return split | ||
|
||
def main(): | ||
usage = "Usage: %prog [option] arg" | ||
parser = OptionParser(usage=usage) | ||
parser.add_option("-u", "--url", action="store", type="string", | ||
dest="aut", help="Url to be tested") | ||
parser.add_option("-f", "--file", action="store", type="string", | ||
dest="file_name", | ||
help="File name with URLS to test, Currently not available") | ||
|
||
(options, args) = parser.parse_args() | ||
|
||
garmr = Garmr(options.aut) | ||
garmr.trace_checks() | ||
garmr.xframe_checks() | ||
garmr.redirect_checks() | ||
|
||
|
||
if __name__ == "__main__": | ||
|
||
|
||
|
||
main() |
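Review bot: `_clean_url`'s pattern `https?://([^/]*?)(/.*)?` cannot capture the host: the lazy `[^/]*?` is followed by an optional group that may match empty, so the match stops right after `://` and `mtch.groups()` is `('', None)` for every URL; `trace_checks` then builds `HTTPConnection('')` and, because `groups()` always has two entries, passes `None` as the request path, so the TRACE result this tool prints does not reflect the target at all. The same method never reads `getresponse().status` and treats any answer as "TRACE is a valid HTTP call", so a server that correctly refuses with 405 is reported as failing; a rewrite of both methods using `urlparse` and a status check is below. Separately, `_clean_header` keeps the key in whatever case the server sent and splits on every `:`, so `X-Frame-Options: DENY` is stored under `X-Frame-Options` and the later `headers["x-frame-options"]` lookup raises KeyError and prints "not found" — `key, _, value = head.partition(":")` then `headers[key.strip().lower()] = value.strip()` fixes both, and the `DENY`/`SAMEORIGIN` comparison should be case-insensitive too (`response.headers.get(...)` appears to already do case-insensitive lookup, which would make the manual parse unnecessary). Lastly, `redirect_checks` calls `urlopen` outside its `try`, so a `URLError` there aborts the whole run instead of being reported like the other checks.
```python
    def trace_checks(self):
        try:
            print "Checking TRACE is not valid"
            http_urls = self._clean_url(self.urls)
            request = httplib.HTTPConnection(http_urls[0])
            request.request("TRACE", http_urls[1])
            response = request.getresponse()
            # 405/501 is the server refusing TRACE; only a 2xx means it was honoured
            if response.status == 200:
                raise Exception("TRACE is a valid HTTP call")
            print "TRACE is not valid (status %d)" % response.status
        # … unchanged: except/finally handlers …

    def _clean_url(self, urls):
        from urlparse import urlparse
        parsed = urlparse(urls)
        return [parsed.netloc, parsed.path or "/"]
```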
@@ -0,0 +1,45 @@ | ||
import os | ||
import sys | ||
from setuptools import setup, find_packages | ||
def main(): | ||
setup(name='Garmr', | ||
version='0.1a', | ||
description='A tool for testing a web application for basic security holes', | ||
author='David Burns', | ||
author_email='dburns at mozilladotcom', | ||
entry_points= make_entry_points(), | ||
url='https://github.com/AutomatedTester/Garmr', | ||
classifiers=['Development Status :: 2 - Pre-Alpha', | ||
'Intended Audience :: Developers', | ||
'License :: OSI Approved :: Mozilla Public License 1.1 (MPL 1.1)', | ||
'Operating System :: POSIX', | ||
'Operating System :: Microsoft :: Windows', | ||
'Operating System :: MacOS :: MacOS X', | ||
'Topic :: Software Development :: Testing', | ||
'Topic :: Software Development :: Libraries', | ||
'Programming Language :: Python'], | ||
packages=find_packages() | ||
) | ||
|
||
def cmdline_entrypoints(versioninfo, platform, basename): | ||
target = 'garmr:main' | ||
if platform.startswith('java'): | ||
points = {'garmr': target} | ||
else: | ||
if basename.startswith("pypy"): | ||
points = {'garmr-%s' % basename: target} | ||
else: # cpython | ||
points = {'garmr-%s.%s' % versioninfo[:2] : target,} | ||
points['garmr'] = target | ||
return points | ||
|
||
def make_entry_points(): | ||
basename = os.path.basename(sys.executable) | ||
points = cmdline_entrypoints(sys.version_info, sys.platform, basename) | ||
keys = list(points.keys()) | ||
keys.sort() | ||
l = ["%s = %s" % (x, points[x]) for x in keys] | ||
return {'console_scripts': l} | ||
|
||
if __name__ == '__main__': | ||
main() |
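Review bot: `make_entry_points` sorts the keys by hand (`keys = list(points.keys())`, `keys.sort()`) and then indexes back into the dict; `l = ["%s = %s" % item for item in sorted(points.items())]` expresses the same thing in one line and avoids the single-letter name `l`. A one-line docstring on `cmdline_entrypoints` saying that it derives the `garmr`/`garmr-X.Y` console-script names from the interpreter would also help, since the `versioninfo[:2]` slice and the pypy/java branches are not obvious at first read.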